You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My build, which was working fine previously, is failing because of an error with a cache key:
macdjord@MYWORKMACHINE:~/source/OURPROJECT.git$ docker compose build nginx-frontend
WARN[0000] The "CI_JOB_ID" variable is not set. Defaulting to a blank string.
WARN[0000] The "CI_PIPELINE_ID" variable is not set. Defaulting to a blank string.
WARN[0000] The "CI_JOB_ID" variable is not set. Defaulting to a blank string.
WARN[0000] The "CI_PIPELINE_ID" variable is not set. Defaulting to a blank string.
WARN[0000] The "CI_PROJECT_NAME" variable is not set. Defaulting to a blank string.
WARN[0000] The "CI_COMMIT_BRANCH" variable is not set. Defaulting to a blank string.
WARN[0000] The "CI_COMMIT_SHA" variable is not set. Defaulting to a blank string.
WARN[0000] The "GIT_COMMIT_TIMESTAMP_UTC" variable is not set. Defaulting to a blank string.
#0 building with "default" instance using docker driver
#1 [nginx-frontend internal] load build definition from Dockerfile
#1 transferring dockerfile: 516B 0.0s done
#1 DONE 0.1s
#2 [nginx-frontend internal] load metadata for docker.io/library/nginx@sha256:a45ee5d042aaa9e81e013f97ae40c3dda26fbe98f22b6251acdf28e579560d55
#2 DONE 0.0s
#3 [nginx-frontend internal] load .dockerignore
#3 transferring context: 2B 0.0s done
#3 DONE 0.1s
#4 [nginx-frontend internal] load build context
#4 DONE 0.0s
#5 [nginx-frontend 1/4] FROM docker.io/library/nginx@sha256:a45ee5d042aaa9e81e013f97ae40c3dda26fbe98f22b6251acdf28e579560d55
#5 CACHED
#6 [nginx-frontend 2/4] ADD https://ssl-config.mozilla.org/ffdhe2048.txt /etc/nginx/ssl-dhparams.pem
#6 ...
#4 [nginx-frontend internal] load build context
#4 transferring context: 137B 0.1s done
#4 DONE 0.1s
#6 [nginx-frontend 2/4] ADD https://ssl-config.mozilla.org/ffdhe2048.txt /etc/nginx/ssl-dhparams.pem
#6 ERROR: invalid not-modified ETag: "65a0156d-1a7"
------
> [nginx-frontend 2/4] ADD https://ssl-config.mozilla.org/ffdhe2048.txt /etc/nginx/ssl-dhparams.pem:
------
failed to solve: failed to load cache key: invalid not-modified ETag: "65a0156d-1a7"
The relevent part of the compose file:
name: "OURPROJECT"services:
nginx-frontend:
image: "registry.gitlab.com/OURCOMPANY/OURPROJECT/nginx-frontend:${TAG:-latest}"build:
context: "./nginx-frontend/"args:
TAG: "${TAG:-latest}"# Record metadata and Docker image labels for tracking and debugging purposes:labels:
com.OURCOMPANY.OURPROJECT.gitlab_cicd.is_pipeline_build: "${GITLAB_CI:-false}"com.OURCOMPANY.OURPROJECT.gitlab_cicd.build_job.id: "${CI_JOB_ID}"com.OURCOMPANY.OURPROJECT.gitlab_cicd.pipeline.id: "${CI_PIPELINE_ID}"com.OURCOMPANY.OURPROJECT.gitlab_cicd.project: "${CI_PROJECT_NAME}"com.OURCOMPANY.OURPROJECT.gitlab_cicd.docker_tag: "${TAG:-latest}"com.OURCOMPANY.OURPROJECT.gitlab_cicd.git_commit.branch: "${CI_COMMIT_BRANCH}"com.OURCOMPANY.OURPROJECT.gitlab_cicd.git_commit.hash: "${CI_COMMIT_SHA}"com.OURCOMPANY.OURPROJECT.gitlab_cicd.git_commit.time: "${GIT_COMMIT_TIMESTAMP_UTC}"container_name: "nginx-frontend"hostname: "nginx-frontend.container"ports:
- "${OURPROJECT_HTTP_PORT_1:-80}:443"
- "${OURPROJECT_HTTP_PORT_2:-443}:443"volumes:
# TODO: Temporary self-signed cert in repo; add creating cert to install process
- "frontend-ssl:/etc/nginx/ssl/:ro"restart: "unless-stopped"logging:
driver: "json-file"options:
max-size: "50m"mem_reservation: "256m"# End 'nginx-frontend'volumes:
# Stores the SSL certificate filesfrontend-ssl:
name: "OURPROJECT-frontend-ssl"
And the Dockerfile:
# Latest version of tag '1.27.0-alpine' (NGINX v1.27.0 based on Alpine Linux) as of 2024-07-11:FROM nginx@sha256:a45ee5d042aaa9e81e013f97ae40c3dda26fbe98f22b6251acdf28e579560d55
# Download DH paramaters fileADD"https://ssl-config.mozilla.org/ffdhe2048.txt""/etc/nginx/ssl-dhparams.pem"# Install our configuationCOPY"./nginx.conf""/etc/nginx/nginx.conf"# TODO: Temporary self-signed cert in repo; add creating cert to install processCOPY"./ssl/""/etc/nginx/ssl/"
The version of Docker I'm using:
macdjord@MYWORKMACHINE:~/source/OURPROJECT.git$ docker version
Client: Docker Engine - Community
Version: 23.0.0
API version: 1.42
Go version: go1.19.5
Git commit: e92dd87
Built: Wed Feb 1 17:47:51 2023
OS/Arch: linux/amd64
Context: default
Server: Docker Desktop ()
Engine:
Version: 27.2.0
API version: 1.47 (minimum version 1.24)
Go version: go1.21.13
Git commit: 3ab5c7d
Built: Tue Aug 27 14:15:15 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.20
GitCommit: 8fc6bcff51318944179630522a095cc9dbf9f353
runc:
Version: 1.1.13
GitCommit: v1.1.13-0-g58aa920
docker-init:
Version: 0.19.0
GitCommit: de40ad0
The version of https://ssl-config.mozilla.org/ffdhe2048.txt currently being served is identical to that stored in the latest successful build, and the ETag currently being returned is in fact "65a0156d-1a7":
(I'd like to check what the ETag stored in the build cache is, but I can't find any command that will show me this information.)
Related issues: #905 and #2832 both describe the same issue. Both are marked as closed.
Further testing: I can delete the existing image and rebuild from scratch, without the cached build. I've held off in case there is other information to be gleaned from the old image before I delete it (such as what ETag it expects for that ADD command).
The text was updated successfully, but these errors were encountered:
Just to be clear here: I'd really like to inspect the build cache metadata for the ADD https://ssl-config.mozilla.org/ffdhe2048.txt layer of the existing image, so that I can check things like 'what ETag is it expecting?', but I don't know a command that will let me do that. If anyone can tell me such a command, I'd appreciate it.
You made a successful build. Server responded content with etag that was saved (I don't think that etag is visible in the output, lets say it was "xyz")
New build is making a HEAD request with If-None-Match: xyz (previous etag, there can also be multiple such etags if you have done many builds and got different results from the URL).
The server responds 304, indicating that previous data is still valid. That request contains Etag ("65a0156d-1a7"), but it doesn't match any of the etags that were in the request. That confuses buildkit as it doesn't know what previous reference the server considered as matching.
Because some servers misbehave we allow a case where 304 doesn't contain etag and request only contained one to consider that the one we sent was matching. But in this case server does seem to send etag but it is not the correct one that should cause 304.
You can't see the raw etag metadata via API. What you can do is find the previous cache record from buildx du --verbose via the description and then prune it with --filter id=value filter.
My build, which was working fine previously, is failing because of an error with a cache key:
The relevent part of the compose file:
And the Dockerfile:
The version of Docker I'm using:
The image from the previous, successful build:
The version of https://ssl-config.mozilla.org/ffdhe2048.txt currently being served is identical to that stored in the latest successful build, and the ETag currently being returned is in fact "65a0156d-1a7":
(I'd like to check what the ETag stored in the build cache is, but I can't find any command that will show me this information.)
Related issues: #905 and #2832 both describe the same issue. Both are marked as closed.
Further testing: I can delete the existing image and rebuild from scratch, without the cached build. I've held off in case there is other information to be gleaned from the old image before I delete it (such as what ETag it expects for that ADD command).
The text was updated successfully, but these errors were encountered: